FortiWeb
kmak
Staff
Article Id 308898
Description: This article describes how to troubleshoot the FortiWeb 'indexd' service.
Scope: FortiWeb v7.4.1 or higher.
Solution

FortiWeb logging activity involves three service processes: 'logd', 'indexd' and 'mysqld'.

The 'indexd' service indexes the raw logs into the MySQL log table mapping, and the FortiWeb GUI Log & Report page reads that mapping to display the corresponding logs.

 

  • Enable the 'indexd' debug: Use the following diagnose commands to check 'indexd' debug messages. These commands enable 'indexd' debugging at the highest debug level, 7.

 

diagnose debug application indexd 7

diagnose debug enable

To disable the debug:

 

diagnose debug application indexd 0

diagnose debug disable

 

When the 'indexd' debug is required:

 

  • Delayed log display in the GUI: The FortiWeb GUI log page may show logs with a delay after a major firmware version upgrade. Because the log index table structure differs between versions, FortiWeb rebuilds the MySQL log index table after the upgrade. The 'indexd' debug output below shows a traffic log being added to the MySQL log index table mapping.

 

[indexd][04-08-15:51:43][WARNING!][_indexer_process_file][722]: /var/log/fwlog/root/disklog/tlog(2024-03-21-15:31:06).log has no mapping entry

[indexd][04-08-15:51:43][INFO][_create_log_table][2244]: database root_index create table 'tlog.3' ok: create table if not exists `tlog.3` (fileid int, offset int, length int, date int, time int, week int, month int, hour int, datetime bigint unsigned, log_id int, msg_id bigint unsigned, type int, subtype int, pri int, proto int,service int,status int default 0,reason int default 0,policy varchar(64),original_src varbinary(16),src varbinary(16),src_port int,dst varbinary(16),dst_port int,http_request_bytes bigint unsigned default 0,http_response_bytes bigint unsigned default 0,http_method int,http_url varchar(512),http_agent varchar(256),msg varchar(128),original_srccountry varchar(64) default 'N/A',srccountry varchar(64) default 'N/A',content_switch_name varchar(64) default 'N/A',server_pool_name varchar(64) default 'N/A',http_host varchar(256) default 'N/A',user_name varchar(128) default 'N/A',http_refer varchar(640) default 'N/A',http_version int default 0,dev_id varchar(64) default 'N/A',http_retcode int default 0,cipher_suite varchar(64) default 'N/A',x509_cert_subject varchar(256) default 'N/A',index date_index(date), index time_index(time), index msg_id_index(msg_id), index week_index(week), index month_index(month), index hour_index(hour), index datetime_index(datetime),index subtype_index(subtype), index pri_index(pri), index service_index(service),index status_index(status),index reason_index(reason),index policy_index(policy),index src_index(src),index dst_index(dst),index http_request_bytes_index(http_request_bytes),index http_response_bytes_index(http_response_bytes),index http_method_index(http_method),index srccountry_index(srccountry),index content_switch_name(content_switch_name),index server_pool_name(server_pool_name),index http_host_index(http_host),index user_name_index(user_name),index http_refer_index(http_refer),index http_version_index(http_version),index dev_id_index(dev_id),index cipher_suite_index(cipher_suite),index 
x509_cert_subject_index(x509_cert_subject)) engine=innodb default charset=utf8

[indexd][04-08-15:51:43][WARNING!][_process_log_file][1743]: @/var/log/fwlog/root/disklog, mapping table added, 'tlog.3' -> '/var/log/fwlog/root/disklog/tlog(2024-03-21-15:31:06).log'

 

  • Logs empty in the GUI although the raw log file exists: If the 'logd' service is running properly and the 'logd' debug looks normal, check whether the 'indexd' process is running and whether indexing is in progress. If the 'indexd' debug produces no output, or shows a MySQL error like the one below, try rebuilding the DB in FortiWeb.

 

[indexd][04-08-15:51:36][ERROR!!][indexer_init][239]: cannot connect mysql, try walk around (ret:0), mysqlerr 1:Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

 

  • Command to rebuild the DB:

 

FortiWeb# exec db rebuild
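
A small triage script for the two debug outputs shown above, as an added example (not Fortinet's code): it parses captured 'indexd' debug lines, tracks which log files have received a table mapping, and flags the MySQL socket error. The function names and the second 'no mapping entry' line are constructed for illustration, and the create-table statement is abridged.

```python
import re
from collections import Counter

# Line layout taken from the debug output on this page:
# [indexd][MM-DD-HH:MM:SS][LEVEL][function][source line]: message
LINE_RE = re.compile(
    r"^\[indexd\]\[(?P<ts>[\d:-]+)\]\[(?P<level>[A-Z]+)!*\]"
    r"\[(?P<func>\w+)\]\[(?P<line>\d+)\]: (?P<msg>.*)$"
)
MAPPED_RE = re.compile(r"mapping table added, '(?P<table>[^']+)' -> '(?P<file>[^']+)'")
UNMAPPED_RE = re.compile(r"^(?P<file>/\S+\.log) has no mapping entry")

# Sample input: lines from this page (create-table statement abridged),
# plus one constructed 2024-03-22 line for a file that is still unindexed.
SAMPLE = """\
[indexd][04-08-15:51:43][WARNING!][_indexer_process_file][722]: /var/log/fwlog/root/disklog/tlog(2024-03-21-15:31:06).log has no mapping entry
[indexd][04-08-15:51:43][INFO][_create_log_table][2244]: database root_index create table 'tlog.3' ok: create table if not exists `tlog.3` (fileid int, ...)
[indexd][04-08-15:51:43][WARNING!][_process_log_file][1743]: @/var/log/fwlog/root/disklog, mapping table added, 'tlog.3' -> '/var/log/fwlog/root/disklog/tlog(2024-03-21-15:31:06).log'
[indexd][04-08-15:51:44][WARNING!][_indexer_process_file][722]: /var/log/fwlog/root/disklog/tlog(2024-03-22-09:00:00).log has no mapping entry
[indexd][04-08-15:51:36][ERROR!!][indexer_init][239]: cannot connect mysql, try walk around (ret:0), mysqlerr 1:Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
"""

def triage(debug_text):
    """Summarise captured 'indexd' debug output."""
    result = {"levels": Counter(), "mapped": {}, "pending": set(),
              "mysql_down": False}
    for raw in debug_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped continuation lines or unrelated output
        msg = m["msg"]
        result["levels"][m["level"]] += 1
        if (u := UNMAPPED_RE.match(msg)):
            result["pending"].add(u["file"])       # file seen, not yet indexed
        elif (a := MAPPED_RE.search(msg)):
            result["mapped"][a["file"]] = a["table"]
            result["pending"].discard(a["file"])   # mapping now exists
        elif m["level"] == "ERROR" and "cannot connect mysql" in msg:
            result["mysql_down"] = True
    return result

def next_step(result):
    """Map the summary onto the troubleshooting cases described on this page."""
    if result["mysql_down"] or not result["levels"]:
        return "rebuild"   # no indexd output or MySQL error: 'exec db rebuild'
    if result["pending"]:
        return "wait"      # index table rebuild still in progress
    return "ok"
```
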

 

Related Document:

Common troubleshooting methods for issues that Logs cannot be displayed on GUI